From EDPB on November 25: The Norwegian Data Protection Authority has decided on an administrative fee of NOK 750,000 to Østfold HF Hospital. The background is that in the period 2013-2019, the hospital stored report extracts from patient records outside the safe zone. The case started with a notice of personal data breach from the…
Category: Exposure
GE puts default password in radiology devices, leaving healthcare networks exposed
Dan Goodin reports: Dozens of radiology products from GE Healthcare contain a critical vulnerability that threatens the networks of hospitals and other health providers that use the devices, officials from the US government and a private security firm said on Tuesday. The devices—used for CT scans, MRIs, X-Rays, mammograms, ultrasounds, and positron emission tomography—use a…
Sensitive details of of 7 million Indian cardholders available on dark web
Advait Palepu reports: Sensitive details belonging to 7 million debit and credit cardholders are available on a public Google Drive document that has been circulating on the dark web. The document was discovered by cybersecurity researcher Rajshekhar Rajaharia who reached out MediaNama stating that names of cardholders along with employers’ name, income levels, phone numbers, email addresses,…
Flight Centre hackathon behind 2017 breach, exposed 6918 customers’ data
Ry Crozier reports: A 2017 data breach at Flight Centre occurred when passport and credit card numbers for 6918 customers were accidentally left in a dataset used by the participants of a hackathon. Details of the breach are revealed in a determination by the Australian Information Commissioner and Privacy Commissioner Angelene Falk that Flight Centre breached Australian…
UK: Probe into data breach at Highland Perthshire resort after details of 2,400 members leaked online
Jamie Buchan reports: Bosses at a Perthshire holiday resort have been accused of an “inexcusable” security breach after posting the personal emails and phone numbers of more than 2,400 members on their website. The Loch Rannoch Highland Club, which counts former Tory leader Sir Iain Duncan Smith amongst its visitors, was reported to data protection…
Twitter data breach decision due on December 17: Irish data regulator
Samuel Stolton reports: Despite “very divergent views” between EU data protection authorities over a case of data breaches by Twitter, a final decision on the bloc’s first major cross-border online privacy case is due to be published on December 17th, it has been revealed. Irish Data Commissioner Helen Dixon said on Thursday (3 December) that talks…